Reasons to rethink how you use your credit card

If you’re anything like me, you’re now at the point where you withdraw a small amount of cash to carry around with you until next payday to cover incidentals (lunches, drinks, bread and milk, etc) and do the bulk of your regular purchases either by plastic at the point of sale or online. What’s more, the government and the credit card companies are trying to make this practice the de-facto standard to address things like fraud, money laundering and the universal catch-all for any modern government initiative: terrorism.

The downside to this is that cards are relatively easy to forge and misuse. This problem and its likelihood varies throughout the world with the USA (the last time I checked) being one of the least secure in just requiring a signature and Australia having had mandatory PIN usage for almost 30 years. The UK has only moved from signatures to PIN within the last 5 or so years.

With all that security you may think that your credit card information would require some kind of gadget to read your card while at a cashpoint/ATM (I always check for add-on fascias) or sleight-of-hand to skim it at a restaurant (my card never leaves my sight), but there is a guaranteed exclusion to the PIN entry requirement: online and telephone orders. Such as when you call an order through to your local takeaway delivery place and pay with your card because you don’t happen to have enough cash at home. Most won’t provide a mobile card machine so you have to read the details through to them over the phone: name, card number, expiry date and security code (on the back of the card). Everything a scumbag needs to spend your money.

And that’s exactly how I’ve just been done. Again. And quite likely via the same shop, though I’ve only just deduced that by elimination. I received a letter from my bank today advising that it has put a hold on my Visa debit card (current account with its own Visa card number) due to some unusual transactions. My initial thought was that they’d gone bananas — as a former bank had done some years ago, resulting in every single transaction being flagged as fraudulent (which is why I say former bank) — but when I called them they advised that on Tuesday they detected seven fraudulent transactions totalling £1,300 and blocked them all.

Needless to say I’m quite pleased with their hit rate, particularly as they just got 7/7 hits and I’ve not been inconvenienced in any purchases recently (zero false-positives or -negatives). I wish my email provider’s antispam detection facilities were that good. Of course the bank then tried to upsell me some card protection insurance, which I politely declined after pointing out that now was perhaps not the most ethical time to try to pitch a sale, it being the functional equivalent of a mortuary attendant trying to sell me a burial package while there to bury my dear old aunt.

So I’m going to re-think my approach to giving card details over the phone. My seldom-used credit card has a facility called a “webcard” which allows me to generate a single-use virtual credit card with the maximum transaction value I choose and an expiry date of one month. Although it will mean being at a Windows PC every time I make a phone order, it should do the job nicely. And I won’t be buying any more scumbags the latest flatscreen TV.

Update 1: It seems my credit card provider discontinued its “webcard” product as of October 2009 without telling anyone. Unless I can find something else to replace it with, it seems that I’ll no longer be doing business with takeaway delivery places that don’t offer either a mobile card reader or online ordering facility, or indeed with anyone who requests my card details over the phone. I really like their food, too. Oh well.

Update 2: To address a few queries I’ve had so far: I am not going to name the takeaway place. Blogging is a medium that English & Welsh law (insanely) considers actual publishing, like a newspaper or book and therefore subject to its even more insane libel laws, you want me to name the shop without proof? Not going to happen.